The Fast Path to the Top: Two Blind Spots Attackers Count On

Every environment has infrastructure that's trusted by default and watched by almost no one. Sometimes it's been sitting in your domain for a decade. Sometimes you deployed it last week. Either way, it's often the shortest route an attacker has to Enterprise Admin, Global Administrator, and everything underneath.

Across two sessions, Darryl Baker and Sander Berkouwer walk through two of these blind spots — one old, one brand new — and show how the same pattern plays out in both: a trusted component, a default or careless configuration, and an adversary who reaches the top faster than your audit logs can react.

Session 1 takes on Active Directory Certificate Services, the PKI backbone behind Windows Hello for Business, 802.1X, and a large share of Microsoft environments. It’s also one of the fastest paths to full domain compromise when its templates are misconfigured.

Session 2 turns to the newest blind spot in the building: the AI agents your own employees are deploying with broad access to files, systems, and identity infrastructure, and the plaintext credential sprawl that comes with them.

Different technologies, same lesson and in both cases, Netwrix is here to help you find the gaps before someone else does.